Articles & Reviews
News Archive
Forums
Premium
Contact
Categories

Computers Display Drivers Graphics Cards Linux Gaming Memory Motherboards Processors Software Storage Operating Systems Peripherals

Improved Fscrypt File Encryption Handling Aims For Linux 5.4

Written by Michael Larabel in Linux Storage on 11 August 2019 at 08:17 AM EDT. 6 Comments

LINUX STORAGE

Fscrypt is the common Linux kernel framework leveraged by the likes of the EXT4, F2FS, and UBIFS file-systems for providing native encryption support. While that Fscrypt-based file encryption has been part of the kernel for several releases now, there's been some shortcomings in how the encryption keys are handled but that should be cleared up for the upcoming Linux 5.4 cycle.

Eric Biggers of Google has been working to improve the key management for fscrypt. The solution he's been working on for a while is support for a file-system level key-ring with ioctls that allows keys to be easily added and removed.

The issues being addressed by this code are avoiding bugs in how fscrypt is currently abusing an OS-level access control mechanism, no current ability to properly remove a key, weaknesses in the key derivation function, and fscrypt not checking that the correct key was supplied as a current security vulnerability.

More details on this code still being worked on but will hopefully be ready for Linux 5.4 can be found via this message.

6 Comments

Related News

Linux Fixes Regression That Broke File Names With ❤️ & Other Special Characters

OpenZFS 2.2.7 Released With Linux 6.12 Support, Many Fixes

Optimizing Linux MD Bitmap Code Yields 89% Throughput Boost For Quad SSDs

NFS Server Scalability Improvement & Other NFS Enhancements For Linux 6.13

IO_uring Enjoys Hybrid IO Polling & Ring Resizing With Linux 6.13

exFAT Driver With Linux 6.13 Reduces FAT Chain Traversal For Better Performance

About The Author

Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week

OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts

Linus Torvalds Comes Out Against "Completely Broken" x86_64 Feature Levels

How AMD Is Taking Standard C/C++ Code To Run Directly On GPUs

Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd

Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal

COSMIC Alpha 4 Released For System76's Rust-Based Desktop

GNU Shepherd 1.0 Service Manager Released As "Solid Tool" Alternative To systemd

KDE Starts December By Landing A Number Of New Features